The NCCIC has published an advisory on use of hard-coded credentials, code injection, sql injection vulnerabilities in Schneider Electric EVLink Parking. Versions 3.2.0-12_v1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to stop the device and prevent charging, execute arbitrary commands, and access the web interface with full privileges. Schneider Electric recommends users setup a firewall to restrict remote access to the charging stations by unauthorized users. A software update is also available for download to mitigate these vulnerabilities. The NCCIC also advises on a series of mitigating measures for this vulnerabilities. Read the advisory at NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!